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4) ^ Claim(s) 1-9 and 11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 
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7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 12 July 2004 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) ^ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)E| All b)D Some * c)D None of: 

1 Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) D Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20081222 



Application/Control Number: 1 0/5 0 1 ,3 02 
Art Unit: 2431 



Page 2 



DETAILED ACTION 

1 . Claims 1-9 and 1 1 have been examined. 

Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2 ) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-8 are rejected under 35 U.S.C. 102(e) as being clearly anticipated by Lineman 
et al. U.S. Pat. No. 20030065942 (hereinafter Lineman). 

4. As per claim 1, Lineman discloses a computer system for providing security awareness in 
an organization, comprising: a memory means, constituted by a hard disk or Random Access 
Memory device, a central processor unit connected to said memory means, an input device, 
constituted by a mouse or keyboard device, connected to said central processor unit, for the input 
of a piece of security information into said computer system (Lineman: [0032]: creating security 
policy document), an output device, constituted by a printer or display device, connected to said 
central processor unit for the output of security information (Lineman: figure 4A and 4B), a 
policy module communicating with said input device and said memory means for the conversion 
of said piece of security information into an information security object, said information 
security object stored in said memory means (Lineman: [0033]: create a security policy and 
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represent the policy information in machine readable and human readable forms), and a survey 
module communicating with said memory means and said output means for generating from said 
information security object an element of a questionnaire to be output by means of said output 
device (Lineman: [0036]: quiz associated with security policy document and figure 2); wherein 
said modular content includes an object category, an object descriptor, an object content, a 
content category, and a target group (Lineman: [0044]: the policy wizard allows the 
administrator to draft questionnaires accordingly). 

5. As per claim 2, Lineman discloses the computer system according to claim 1 . Lineman 
further discloses the system comprising an educational module communicating with said 
memory means for receiving through said input device a set of answers to said questionnaire and 
for comparing said set of answers of said questionnaire with said information security objects for 
determining the correct and the incorrect answers, and generating, based on said incorrect 
answers, an educational program to be output by means of said output device (Lineman: [0075]: 
score the quizzes; [0082]: target the weakness that needs to be addressed). 

6. As per claim 3, Lineman discloses the computer system according to claim 2. Lineman 
further discloses said set of answers being stored in said memory means (Lineman: [0075]: 
determine the score). 
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7. As per claim 4, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said memory means being organized as a database (Lineman: 
[0052]). 



8. As per claim 5, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said computer system constituting a stand alone computer or 
alternatively a computer system including a network and a plurality of PC's each including an 
input device and an output device to be operated by a respective user (Lineman: [0026]: 
enterprise network). 



9. As per claim 6, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said central processor unit controls in said conversion of said piece 
of said security information into said information security object, said policy module to check in 
said memory means the possible presence of a corresponding security information object 
(Lineman: figure 2 and [0032]). 



10. As per claim 7, Lineman discloses a method of providing security awareness in an 
organization, comprising receiving a piece of security information (Lineman: [0032] and figure 
2: receive user specified security policy information), modularizing said piece of security 
information to create an information security object (Lineman: [0034]: the security policy object 
is created to affect the entire network), storing said information security object in a memory 
means, said information security object being generated in a policy module (Lineman: [0032]), 
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generating in a survey module an element of a questionnaire from said information security 
object and output said questionnaire including said element (Lineman: [0036]). 

11. As per claim 8, Lineman discloses the method according to claim 7. Lineman further 
discloses the method comprising the computer system according to any of the claims 1-3 
(Lineman: [0026] and [0031]). 

12. Claim 1 1 is rejected under 35 U.S.C. 102(e) as being anticipated by Townsend U.S. Pub. 
No. 20020188861 (hereinafter Townsend). 

13. As per claim 11, Townsend discloses a method of providing security awareness in an 
organization, comprising: receiving security information (Townsend: [0024]); modularizing the 
security information to create an information security object (Townsend: [0027]); assigning a 
security level value to said information security object; and compiling said information security 
object into a security policy including other information security objects having the same 
security level value (Townsend: [0027]); and generating in a survey module an element of a 
questionnaire from said ISO (Townsend: [0024] and [0053]); wherein said modular content 
includes an object category, an object descriptor, an object content, a content category, and a 
target group (Townsend: [0024]: tailor the questionnaire accordingly). 
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Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

15. Claims 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lineman in view 
of Townsend. 

16. As per claim 9, Lineman discloses a computer system for providing security awareness in 
an organization, comprising: a memory means coupled to a central processing unit; an input 
device coupled to said central processor unit for receiving security information into said 
computer system; and output device coupled to said central processor unit for outputting security 
information; and an information security object stored in said memory means, said information 
security object including modular content derived from said security information and having a 
unique identifier, said unique identifier used to link said information security object to an 
organization and the policy document is created according the security level of the organization 
specified by administrator (Lineman: [0032]-[0033]: the security policy is converted into 
machine readable and human readable forms and is modularized to affect the enterprise network; 
[0044] and [0055]: the administrator selects categories to tailor a policy document suitable for 
the organization and the policy includes identifier) wherein said modular content includes an 
object category, an object descriptor, an object content, a content category, and a target group 
(Lineman: [0044]: the policy wizard allows the administrator to draft questionnaires 
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accordingly); and a survey module communicating with said memory means and said output 
means for generating from said information security object an element of a questionnaire to be 
output by means of said output device (Lineman: [0036]: quiz associated with security policy 
document and figure 2). Lineman does not explicitly disclose the policy information includes a 
security level indicating the level that matches a default security level of the organization. 
However, Townsend discloses creating a security model based on the security level of an 
organization and the security model includes a countermeasure and strength level (Townsend: 
[0010]). It would have been obvious to one having ordinary skill in the art at the time of 
applicant's invention to prompt the administrator to select the desired security protection and 
determine a security level of an organization, then creating a security object suitable for the 
organization based on the security level because both prior art are related to enterprise security 
awareness system. Therefore, it would have been obvious to one having ordinary skill in the art 
at the time of applicant's invention to combine the teachings of Townsend within the system of 
Lineman because it provides reliable, repeatable, cost efficient, and consistent system for 
enterprise network (Townsend: [0009]). 

Response to Arguments 

17. Applicant's arguments filed on 10/1/08 have been fully considered but they are not 
persuasive. 

Regarding applicant's remarks, applicant mainly argues that the prior art of record does 
not disclose automated system for generating questionnaires and that the ISO is distinct from 
policy documents. However, the claims are silent regarding the automation process and the 
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claims do not specifically differentiate the difference between ISO and policy document. 
Furthermore, Lineman discloses that the policy document can be used to automatically generate 
sets of quizzes to track user's understanding of policies (Lineman: [0067]). Therefore, applicant's 
argument is traversed in light of above explanation. 

Conclusion 

18. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHIN-HON CHEN whose telephone number is (571)272-3789. 
The examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/501 ,302 Page 9 

Art Unit: 2431 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Shin-Hon Chen 
Examiner 
Art Unit 2431 

/Shin-Hon Chen/ 
Examiner, Art Unit 243 1 



